Make sure that when initialize hasn't been called yet for a tenant, t…

…hat authentication fails with 40x status code rather than an internal server error.
apache · Apr 29, 2017 · 735776fc136f1a0c365b9c4401eae094241408eb · 735776f
1 parent 57dca2e
commit 735776fc136f1a0c365b9c4401eae094241408eb
Showing 4 changed files with 38 additions and 7 deletions.
diff --git a/component-test/src/main/java/TestAnubisInitialize.java b/component-test/src/main/java/TestAnubisInitialize.java
@@ -16,6 +16,7 @@
 
 import io.mifos.anubis.api.v1.client.Anubis;
 import io.mifos.anubis.api.v1.client.AnubisApiFactory;
+import io.mifos.anubis.api.v1.domain.AllowedOperation;
 import io.mifos.anubis.api.v1.domain.Signature;
 import io.mifos.anubis.example.simple.Example;
 import io.mifos.anubis.example.simple.ExampleConfiguration;
@@ -158,6 +159,20 @@ public void testNonExistentTenant() {
     }
   }
 
+  @Test(expected = InvalidTokenException.class)
+  public void testAuthenticateWithoutInitialize() {
+    try (final TenantDataStoreTestContext ignored = TenantDataStoreTestContext.forRandomTenantName(cassandraInitializer)) {
+
+      final TenantApplicationSecurityEnvironmentTestRule tenantApplicationSecurityEnvironment
+              = new TenantApplicationSecurityEnvironmentTestRule(testEnvironment);
+      final String permissionToken = tenantApplicationSecurityEnvironment.getPermissionToken("bubba", "foo", AllowedOperation.READ);
+      try (final AutoUserContext ignored2 = new AutoUserContext("bubba", permissionToken)) {
+        Assert.assertFalse(example.foo());
+        Assert.fail("Not found exception should be thrown when authentication is attempted ");
+      }
+    }
+  }
+
   private void initialize() {
     final TenantApplicationSecurityEnvironmentTestRule tenantApplicationSecurityEnvironment
             = new TenantApplicationSecurityEnvironmentTestRule(testEnvironment);

diff --git a/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java b/component-test/src/main/java/io/mifos/anubis/example/simple/Example.java
@@ -30,4 +30,7 @@ public interface Example {
 
   @RequestMapping(value = "initialize", method = RequestMethod.DELETE)
   void uninitialize();
+
+  @RequestMapping(value = "foo", method = RequestMethod.GET)
+  boolean foo();
 }
diff --git a/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java b/component-test/src/main/java/io/mifos/anubis/example/simple/ExampleRestController.java
@@ -54,4 +54,10 @@ public ResponseEntity<Void> uninitialize()
     initialized = false;
     return new ResponseEntity<>(HttpStatus.OK);
   }
+
+  @RequestMapping(value = "/foo", method = RequestMethod.GET)
+  @Permittable(AcceptedTokenType.TENANT)
+  public ResponseEntity<Boolean> foo() {
+    return ResponseEntity.ok(false);
+  }
 }
diff --git a/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java b/library/src/main/java/io/mifos/anubis/repository/TenantAuthorizationDataRepository.java
@@ -16,6 +16,7 @@
 package io.mifos.anubis.repository;
 
 import com.datastax.driver.core.*;
+import com.datastax.driver.core.exceptions.InvalidQueryException;
 import com.datastax.driver.core.querybuilder.QueryBuilder;
 import com.datastax.driver.core.querybuilder.Select;
 import com.datastax.driver.core.querybuilder.Update;
@@ -26,6 +27,7 @@
 import io.mifos.anubis.config.TenantSignatureRepository;
 import io.mifos.core.cassandra.core.CassandraSessionProvider;
 import io.mifos.core.lang.ApplicationName;
+import io.mifos.core.lang.ServiceException;
 import io.mifos.core.lang.security.RsaKeyPairFactory;
 import io.mifos.core.lang.security.RsaPrivateKeyBuilder;
 import io.mifos.core.lang.security.RsaPublicKeyBuilder;
@@ -256,13 +258,18 @@ private Optional<Row> getRow(final @Nonnull String timestamp) {
     final Session tenantSession = cassandraSessionProvider.getTenantSession();
     final Select.Where query = timestampToSignatureQueryMap.computeIfAbsent(timestamp, timestampKey ->
             QueryBuilder.select().from(tableName).where(QueryBuilder.eq(TIMESTAMP_COLUMN, timestampKey)));
-    final Row row = tenantSession.execute(query).one();
-    final Optional<Row> ret = Optional.ofNullable(row);
-    ret.map(TenantAuthorizationDataRepository::mapRowToValid).ifPresent(valid -> {
-      if (!valid)
-        logger.warn("Invalidated keyset for timestamp '" + timestamp + "' requested. Pretending no keyset exists.");
-    });
-    return ret.filter(TenantAuthorizationDataRepository::mapRowToValid);
+    try {
+      final Row row = tenantSession.execute(query).one();
+      final Optional<Row> ret = Optional.ofNullable(row);
+      ret.map(TenantAuthorizationDataRepository::mapRowToValid).ifPresent(valid -> {
+        if (!valid)
+          logger.warn("Invalidated keyset for timestamp '" + timestamp + "' requested. Pretending no keyset exists.");
+      });
+      return ret.filter(TenantAuthorizationDataRepository::mapRowToValid);
+    }
+    catch (final InvalidQueryException authorizationDataTableProbablyIsntConfiguredYet) {
+      throw new IllegalArgumentException("Tenant not found.");
+    }
   }
 
   private static Boolean mapRowToValid(final @Nonnull Row row) {